clavix 5.7.1 → 5.8.1

package/dist/templates/slash-commands/_canonical/verify.md

@@ -1,378 +1,129 @@
 ---
-name: "Clavix: Verify Implementation"
-description: Verify implementation against requirements with comprehensive quality assessment
+name: "Clavix: Verify"
+description: Perform a spec-driven technical audit, generating actionable review comments
 ---
 
-# Clavix: Check Your Work
+# Clavix: Verification & Audit
 
-Built something? Great! Let me check that everything works as expected. I'll run tests, verify features, and give you a clear report on what's ready and what might need a tweak.
+I will perform a **Spec-Driven Technical Audit** of your implementation. I don't just "run tests"—I verify that your code matches the **Plan** (`tasks.md`) and the **Requirements** (`full-prd.md`).
 
 ---
 
 ## What This Does
 
-When you run `/clavix:verify`, I:
-1. **Find what you built** - Auto-detect the prompt or tasks you implemented
-2. **Run all the checks** - Tests, builds, linting, and more
-3. **Verify the features** - Make sure everything from your requirements works
-4. **Give you a clear report** - What passed, what failed, what needs attention
-5. **Help you fix issues** - Specific suggestions for anything that needs work
+When you run `/clavix:verify`, I act as a **Senior Code Reviewer**. I compare *what was built* against *what was planned*.
 
-**I check everything:**
-- Tests pass, code compiles, no linting errors
-- All your requirements are actually implemented
-- Features work together properly
-- Edge cases are handled
-- Performance is reasonable
+1.  **Load the Spec**: I read the `full-prd.md` and `tasks.md` to understand the *requirements* and *technical design*.
+2.  **Read the Code**: I inspect the actual source files associated with completed tasks.
+3.  **Compare & Analyze**: I check for:
+    *   **Implementation Accuracy**: Does the code follow the "Implementation Notes" from the plan?
+    *   **Requirements Coverage**: Are all PRD requirements for this feature met?
+    *   **Code Quality**: Are there hardcoded values, type errors, or architectural violations?
+4.  **Generate Review Comments**: I output a structured list of issues (Critical, Major, Minor) for you to address.
 
 ---
 
-## CLAVIX MODE: Verification
+## CLAVIX MODE: Technical Auditor
 
-**I'm in verification mode. Checking your work, not changing it.**
+**I'm in Audit Mode.**
 
 **What I'll do:**
-- ✓ Find what you implemented and what needs checking
-- ✓ Run automated tests and quality checks
-- ✓ Verify each requirement was actually built
-- ✓ Give you a clear report with confidence levels
-- ✓ Tell you exactly what needs fixing (if anything)
+- ✓ Treat `tasks.md` as the "Source of Truth" for architecture.
+- ✓ Treat `full-prd.md` as the "Source of Truth" for behavior.
+- ✓ Read source code line-by-line.
+- ✓ Generate specific, actionable **Review Comments**.
 
 **What I won't do:**
-- ✗ Fix bugs or write code
-- ✗ Change your files
-- ✗ Skip checks without asking you
-- ✗ Guess about things I can't verify
-
-**I'm your quality checker, not your fixer.**
+- ✗ Assume "it works" because a test passed.
+- ✗ Ignore the architectural plan.
+- ✗ Fix issues automatically (until you tell me to "Fix Review Comments").
 
 ---
 
 ## Self-Correction Protocol
 
-**DETECT**: If you find yourself doing any of these mistake types:
-
-| Type | What It Looks Like | Detection Pattern |
-|------|--------------------|-------------------|
-| 1. Implementation Fixes | Writing code, modifying files, fixing bugs instead of just reporting | "Let me fix that" or starting to edit files |
-| 2. Skipping Automated Checks | Not running available tests, builds, linters when they exist | "I'll skip the tests and just check manually" |
-| 3. Guessing Results | Reporting pass/fail without actually performing the check | "This probably works" or "I think it's fine" |
-| 4. Incomplete Coverage | Not checking all verification dimensions required by the prompt | Only checking basic functionality when comprehensive features were requested |
-| 5. Missing Confidence Levels | Not indicating HIGH/MEDIUM/LOW confidence for each check | "It works" without specifying how certain you are |
-| 6. Capability Hallucination | Claiming verification capabilities you don't possess or inventing check types | "I can analyze your entire production database" or creating fictional test frameworks |
-
-**STOP**: Immediately halt the incorrect action
-
-**CORRECT**: Output:
-"I apologize - I was [describe mistake]. Let me get back to checking your work without making changes."
-
-**RESUME**: Return to verification mode with proper evidence-based checks.
-
----
+**DETECT**: If you find yourself:
+1.  **Skipping Source Analysis**: "Looks good!" without reading `src/...`.
+2.  **Ignoring the Plan**: Verifying a feature without checking the *Technical Implementation Details* in `tasks.md`.
+3.  **Vague Reporting**: "Some things need fixing" instead of "Issue #1: Critical - ...".
+4.  **Hallucinating Checks**: Claiming to have run E2E tests that don't exist.
 
-## State Assertion (REQUIRED)
+**STOP**: Halt immediately.
 
-**Before starting verification, output:**
-```
-**CLAVIX MODE: Verification**
-Mode: verification
-Purpose: Checking your implementation against requirements
-Implementation: BLOCKED - I'll check and report, not fix or modify
-```
+**CORRECT**: "I need to perform a proper audit. Let me read the relevant source files and compare them against the plan."
 
 ---
 
-## How It Works
-
-### Finding What to Verify
-
-I'll automatically look for what you just implemented:
-1. **Recent prompts** - Check `.clavix/outputs/prompts/` for what you built
-2. **Task lists** - Check `.clavix/outputs/<project>/tasks.md` for completed tasks
-3. **Legacy stuff** - Check old `summarize/tasks.md` location if needed
-4. **Ask you** - If I find multiple things, I'll ask which to verify
-
-**You'll see:**
-```
-Found your implementation: [brief description]
-Starting verification checks...
-```
-
-### What I Check
-
-#### Automated Checks (I Run These)
-
-Things I can verify automatically by running commands:
+## Instructions
 
-**Tests & Builds:**
-- Run your test suite (`npm test`, `pytest`, etc.)
-- Build/compile your code
-- Check for linting errors
-- Verify type safety (TypeScript, mypy, etc.)
-- Scan for security vulnerabilities
-- Run integration tests if you have them
+### Phase 1: Scope & Context
+1.  **Identify Completed Work**: Read `.clavix/outputs/[project]/tasks.md`. Look for checked `[x]` items in the current phase.
+2.  **Load Requirements**: Read `.clavix/outputs/[project]/full-prd.md`.
+3.  **Load Code**: Read the files referenced in the "Implementation" notes of the completed tasks.
 
-**What you'll see:**
-```
-Running tests...
-✅ All 23 tests passed
-
-Building code...
-✅ Clean build, no errors
+### Phase 2: The Audit (Comparison)
+Perform a **gap analysis**:
+*   **Plan vs. Code**: Did they use the library/pattern specified? (e.g., "Used `fetch` but Plan said `UserService`").
+*   **PRD vs. Code**: Is the business logic (validation, edge cases) present?
+*   **Code vs. Standards**: Are there hardcoded secrets? `any` types? Console logs?
 
-Checking code quality...
-✅ No linting issues
+### Phase 3: The Review Report
+Output a structured **Review Board**. Do not write a wall of text. Use the "Review Comment" format.
 
-Confidence: HIGH (I actually ran these)
-```
-
-#### Checks I Do With You
-
-Things I can analyze but need your input on:
-
-**Requirements Coverage:**
-- Did I build all the features you asked for?
-- Does the implementation match what you wanted?
-- Are there missing pieces?
-
-**User Experience:**
-- Does the interface work smoothly?
-- Are there console errors or warnings?
-- Does it feel right to use?
-
-**Integration & Performance:**
-- Do API calls work correctly?
-- Is performance acceptable?
-- Does it handle real-world data?
-
-**You'll see:**
-```
-Checking requirements coverage...
-Found all 5 requested features implemented.
-
-Does the login flow work as you expected? (yes/no)
-```
-
-#### Things You Tell Me
-
-Some things only you can verify:
-
-- Does it solve your original problem?
-- Are the business rules correct?
-- Do edge cases work properly?
-- Is it ready for production?
-- Is documentation good enough?
-
-### Understanding Your Results
-
-**What the symbols mean:**
-
-| Symbol | Status | What It Means |
-|--------|--------|---------------|
-| ✅ | Passed | This check is good |
-| ❌ | Failed | Needs fixing |
-| ⏭️ | Skipped | Check this later |
-| ➖ | N/A | Doesn't apply to your project |
-
-**Confidence levels:**
-- **HIGH** - I ran tests/commands, saw the results
-- **MEDIUM** - I analyzed code and got your confirmation
-- **LOW** - Based on what you told me
-
-**Example report:**
-```
-Verification Complete: User Authentication
-
-✅ AUTOMATED CHECKS
-   Tests: 23/23 passed
-   Build: Clean, no errors
-   Linting: No issues
-   Type Safety: All good
-
-⚠️  REQUIREMENTS COVERAGE
-   ✅ User registration works
-   ✅ Login/logout works
-   ❌ Password reset missing
-   ✅ Session management works
-
-📝 YOUR INPUT NEEDED
-   Business Logic: You confirmed it's correct
-   Ready for production: You said yes
-
-OVERALL: 85% - Ready with minor improvements
-STATUS: Address password reset before launch
-```
+#### Review Comment Categories
+*   🔴 **CRITICAL**: Architectural violation, security risk, or feature completely broken/missing. **Must fix.**
+*   🟠 **MAJOR**: Logic error, missing edge case handling, or deviation from PRD. **Should fix.**
+*   🟡 **MINOR**: Code style, naming, comments, or minor optimization. **Optional.**
+*   ⚪ **OUTDATED**: The code is correct, but the Plan/PRD was wrong. **Update Plan.**
 
 ---
 
-## When Things Fail
-
-### Don't Panic
-
-Failed checks are normal. They just tell you what needs work.
-
-**Critical issues (must fix before shipping):**
-- ❌ Tests failing
-- ❌ Code won't build
-- ❌ Type errors
-- ❌ Missing core features
-
-**Nice to fix (but not blockers):**
-- ⚠️ Linting warnings
-- ⚠️ Performance could be better
-- ⚠️ Documentation is thin
-- ⚠️ Edge cases need work
+## Output Format: The Review Board
 
-**When something fails, I'll:**
-1. Tell you exactly what's wrong
-2. Suggest how to fix it
-3. Offer to re-check after you make changes
-4. Point you to help if it's complex
+```markdown
+# Verification Report: [Phase Name / Feature]
 
-### Common Issues
+**Spec**: `tasks.md` (Phase X) | **Status**: [Pass/Fail/Warnings]
 
-**Example 1: Tests are failing**
-```
-❌ Tests failed: 3 of 23 integration tests
-
-Error: "User authentication endpoint not found"
-
-What to check:
-1. Are your auth routes set up correctly?
-2. Is the API endpoint configured right?
-3. Try running tests individually to see more details
-
-When you've fixed it: Just run /clavix:verify again
-```
-
-**Example 2: Missing features**
-```
-⚠️  Found 2 features from your requirements that aren't implemented:
-
-- Password reset functionality
-- Admin user management
-
-These were in your original requirements. Want to:
-- Build them now?
-- Remove them from requirements?
-- Ship without them for now?
-```
+## 🔍 Review Comments
 
-**Example 3: Performance concerns**
-```
-⚠️  Performance could be better:
+| ID | Severity | Location | Issue |
+|:--:|:--------:|:---------|:------|
+| #1 | 🔴 CRIT | `src/auth.ts` | **Architecture Violation**: Direct `axios` call used. Plan specified `apiClient` singleton. |
+| #2 | 🟠 MAJOR | `src/Login.tsx` | **Missing Req**: "Forgot Password" link missing (PRD 3.1). |
+| #3 | 🟡 MINOR | `src/Login.tsx` | **Hardcoded**: String "Welcome" should be in i18n/constants. |
 
-- Bundle size: 2.3MB (a bit large, recommended < 1MB)
-- Found some slow database queries
-- Page load: 4.2s (could be faster)
+## 🛠️ Recommended Actions
 
-These aren't blockers, but here's how to improve:
-- Split your code into smaller chunks
-- Optimize those database queries
-- Use lazy loading for heavy components
+- **Option A**: `Fix all critical` (Recommended)
+- **Option B**: `Fix #1 and #2`
+- **Option C**: `Mark #1 as outdated` (If you changed your mind about the architecture)
 ```
 
 ---
 
-## Extra Verification Options
-
-### Comprehensive Mode
-
-If you used `/clavix:improve --comprehensive` for your prompt, I'll do deeper checks:
-- More thorough edge case testing
-- Performance benchmarking
-- Security vulnerability scanning
-- Accessibility checks (WCAG compliance)
-- Cross-browser testing recommendations
-
-### Project-Specific Checks
-
-I adjust what I check based on what you're building:
-
-**Web Apps:**
-- Responsive design (works on mobile?)
-- Browser compatibility
-- Accessibility basics
-- SEO optimization
-
-**APIs:**
-- All endpoints working?
-- Auth/security correct?
-- Rate limiting in place?
-- API docs complete?
-
-**Mobile Apps:**
-- Platform guidelines followed?
-- Performance optimized?
-- Battery usage reasonable?
-- Ready for app store?
-
----
-
-## After Verification
+## Fixing Workflow (The Loop)
 
-### Everything Passed! 🎉
+When the user says "Fix #1" or "Fix all critical":
+1.  **Acknowledge**: "Fixing Review Comment #1..."
+2.  **Implement**: Modify the code to resolve the specific issue.
+3.  **Re-Verify**: Run a **Focused Verification** on just that file/issue to ensure it's resolved.
 
-When all checks pass, I'll tell you:
+----
 
-```
-All checks passed! Your implementation is solid.
-
-What would you like to do next?
-1. Archive this project with /clavix:archive
-2. Keep working on improvements
-3. Review specific items in detail
-```
-
-### Some Things Failed
-
-When there are issues, I'll be specific:
+## State Assertion (REQUIRED)
 
+**Before starting verification, output:**
 ```
-Found 2 things that need attention:
-
-❌ Password reset feature is missing
-❌ Loading states could be better
-
-What would you like to do?
-1. Fix these now (I can help)
-2. Fix them later
-3. Ship without them (if not critical)
-4. Archive anyway
+**CLAVIX MODE: Verification**
+Mode: verification
+Purpose: Spec-driven technical audit against requirements and implementation plan
+Implementation: BLOCKED - I'll analyze and report, not modify or fix
 ```
 
-### Want to Check Again?
-
-After you fix things:
-- Run `/clavix:verify` again for a full check
-- Or use `/clavix:verify --retry-failed` to just re-check what failed
-
-No rush! Fix things at your own pace.
-
----
+----
 
-## Workflow Navigation
-
-**You are here:** Verify (checking your work)
-
-**How you got here:**
-1. `/clavix:improve` → Made your prompt better
-2. `/clavix:implement` → Built what you needed
-3. **`/clavix:verify`** → Now checking it works (you are here)
-
-**What's next:**
-- Fix any issues → Run `/clavix:verify` again
-- Everything good → `/clavix:archive` to wrap up
-- Need help fixing → I can guide you
-
-**Related commands:**
-- `/clavix:implement` - Go back and fix issues
-- `/clavix:archive` - Archive when done
-- `/clavix:verify --retry-failed` - Just re-check what failed
-
----
-
-## Agent Transparency (v5.7.1)
+## Agent Transparency (v5.8.1)
 
 ### Agent Manual (Universal Protocols)
 {{INCLUDE:agent-protocols/AGENT_MANUAL.md}}
@@ -397,21 +148,7 @@ No rush! Fix things at your own pace.
 
 ---
 
-## Tips for Smooth Verification
-
-**Before you verify:**
-- Make sure you're actually done building
-- Run tests yourself first (quick sanity check)
-- Have your app running if I need to check the UI
-
-**During verification:**
-- Be honest - if something doesn't work, say so
-- Ask questions if a check doesn't make sense
-- It's okay to skip some checks and come back later
-
-**After verification:**
-- Fix critical stuff first (tests, builds, core features)
-- Use `--retry-failed` to just re-check what you fixed
-- Don't stress perfection - good enough is often good enough to ship
-
-**Remember:** I'm just checking, not judging. Failed checks help you ship better work!
+## Tips for the Agent
+*   **Be Strict**: You are the gatekeeper of quality. It's better to be annoying about an architectural violation now than to let technical debt slide.
+*   **Be Specific**: Never say "fix the code". Say "Import `apiClient` from `@/utils/api` and replace line 42."
+*   **Trust the Code**: If the code says `console.log`, and the plan says "No logs", that is a defect.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clavix",
-  "version": "5.7.1",
+  "version": "5.8.1",
   "description": "Agentic-first prompt workflows. Markdown templates that teach AI agents how to optimize prompts, create PRDs, and manage implementation.\n\nSLASH COMMANDS (in your AI assistant):\n  /clavix:improve    Optimize prompts with auto-depth\n  /clavix:prd        Generate PRD through questions\n  /clavix:plan       Create task breakdown from PRD\n  /clavix:implement  Execute tasks with progress tracking\n  /clavix:start      Begin conversational session\n  /clavix:summarize  Extract requirements from conversation\n  /clavix:refine     Refine existing PRD or prompt\n  /clavix:verify     Verify implementation against requirements\n  /clavix:archive    Archive completed projects\n\nWorks with Claude Code, Cursor, Windsurf, and 20 AI coding tools.",
   "type": "module",
   "main": "dist/index.js",

package/dist/utils/legacy-command-cleanup.d.ts

@@ -1,19 +0,0 @@
-/**
- * Legacy Command Cleanup Utility
- *
- * This module handles cleanup of old command naming patterns from previous
- * Clavix versions. It identifies files using deprecated naming conventions
- * and assists in migration to the current standard.
- *
- * Handles cleanup of:
- * - fast.md, deep.md (replaced by improve.md in v4.11+)
- * - Old naming patterns (clavix-{name} vs {name})
- * - Subdirectory migration for Cline and Claude Code
- *
- * This module will be removed when v4->v5 migration support ends.
- *
- * @since v4.12.0
- */
-import { AgentAdapter } from '../types/agent.js';
-export declare function collectLegacyCommandFiles(adapter: AgentAdapter, commandNames: string[]): Promise<string[]>;
-//# sourceMappingURL=legacy-command-cleanup.d.ts.map

package/dist/utils/legacy-command-cleanup.js

@@ -1,99 +0,0 @@
-/**
- * Legacy Command Cleanup Utility
- *
- * This module handles cleanup of old command naming patterns from previous
- * Clavix versions. It identifies files using deprecated naming conventions
- * and assists in migration to the current standard.
- *
- * Handles cleanup of:
- * - fast.md, deep.md (replaced by improve.md in v4.11+)
- * - Old naming patterns (clavix-{name} vs {name})
- * - Subdirectory migration for Cline and Claude Code
- *
- * This module will be removed when v4->v5 migration support ends.
- *
- * @since v4.12.0
- */
-import * as path from 'path';
-import { FileSystem } from './file-system.js';
-/**
- * v4.12: Deprecated commands that have been replaced
- * - fast → improve (unified with auto-depth)
- * - deep → improve --comprehensive
- */
-const DEPRECATED_COMMANDS = ['fast', 'deep'];
-export async function collectLegacyCommandFiles(adapter, commandNames) {
-    const legacyPaths = new Set();
-    const extension = adapter.fileExtension;
-    const commandDir = path.resolve(adapter.getCommandPath());
-    // v4.12: Clean up deprecated fast/deep commands
-    for (const deprecatedName of DEPRECATED_COMMANDS) {
-        // Check for various naming patterns across adapters
-        const candidates = [
-            path.resolve(commandDir, `${deprecatedName}${extension}`),
-            path.resolve(commandDir, `clavix-${deprecatedName}${extension}`),
-            path.resolve(commandDir, `clavix:${deprecatedName}${extension}`),
-        ];
-        // For Claude Code with subdirectory structure
-        if (adapter.name === 'claude-code') {
-            const clavixDir = path.resolve(commandDir, 'clavix');
-            candidates.push(path.resolve(clavixDir, `${deprecatedName}${extension}`), path.resolve(clavixDir, `clavix-${deprecatedName}${extension}`));
-        }
-        for (const candidate of candidates) {
-            if (await FileSystem.exists(candidate)) {
-                legacyPaths.add(candidate);
-            }
-        }
-    }
-    for (const name of commandNames) {
-        const newFilePath = path.resolve(commandDir, adapter.getTargetFilename(name));
-        const defaultFilePath = path.resolve(commandDir, `${name}${extension}`);
-        if (adapter.name === 'cline') {
-            const oldDir = path.resolve('.cline', 'workflows');
-            const oldCandidates = [
-                path.join(oldDir, `${name}${extension}`),
-                path.join(oldDir, `clavix-${name}${extension}`),
-            ];
-            for (const candidate of oldCandidates) {
-                const resolvedCandidate = path.resolve(candidate);
-                if (resolvedCandidate !== newFilePath && (await FileSystem.exists(resolvedCandidate))) {
-                    legacyPaths.add(resolvedCandidate);
-                }
-            }
-            if (defaultFilePath !== newFilePath && (await FileSystem.exists(defaultFilePath))) {
-                legacyPaths.add(defaultFilePath);
-            }
-            continue;
-        }
-        if (adapter.name === 'gemini' || adapter.name === 'qwen') {
-            const namespaced = commandDir.endsWith(path.join('commands', 'clavix'));
-            if (!namespaced &&
-                defaultFilePath !== newFilePath &&
-                (await FileSystem.exists(defaultFilePath))) {
-                legacyPaths.add(defaultFilePath);
-            }
-        }
-        else if (defaultFilePath !== newFilePath && (await FileSystem.exists(defaultFilePath))) {
-            legacyPaths.add(defaultFilePath);
-        }
-    }
-    if (adapter.name === 'claude-code') {
-        const commandsDir = path.resolve('.claude', 'commands');
-        const colonFiles = await FileSystem.listFiles(commandsDir, /^clavix:.*\.md$/);
-        for (const file of colonFiles) {
-            legacyPaths.add(path.resolve(path.join(commandsDir, file)));
-        }
-        const clavixDir = path.resolve(commandsDir, 'clavix');
-        const hyphenFiles = await FileSystem.listFiles(clavixDir, /^clavix-.*\.md$/);
-        for (const file of hyphenFiles) {
-            legacyPaths.add(path.resolve(path.join(clavixDir, file)));
-        }
-        // Remove task-complete.md (CLI-only command, not a user-facing slash command)
-        const taskCompleteFile = path.resolve(clavixDir, 'task-complete.md');
-        if (await FileSystem.exists(taskCompleteFile)) {
-            legacyPaths.add(taskCompleteFile);
-        }
-    }
-    return Array.from(legacyPaths);
-}
-//# sourceMappingURL=legacy-command-cleanup.js.map